AVG 7.5 and VDub exe???

[GMaq]

Hi,
My latest AVG 7.5 Scan has targeted all my Vdub exe files as Trojans. Obviously these must be false positives since I've had these for years, just curious if anyone else has seen this?? It selected both VDub 1.6 and VDub MPEG-2 exe(s)

[Ai Haibara]

Do you know if the files are compressed with an EXE packer, like UPX? What specific trojan (name) is AVG detecting?

Also, are your virus definitions up-to-date?

[redwudz]

I'm running AVG 7.5 with regular updates on 3 machines that have VDM and VD 1.6 on them and I haven't seen any problems.

[GMaq]

Hi,
Further weirdness, BTW definitions are updated daily. Before the scan Quarantined the exe files in question I stopped it and examined the VDub folders, As soon as I opened the folders AVG notified me of the threat, in both folders in question there was a "vdub.exe" file with a DOS Window icon, to my knowledge those shouldn't be there since the VirtualDub exe file has a VirtualDub icon. Some malware has placed those fake "vdub.exe" files in my folders. I am going to scan further with SpySweeper and check it out. In the meantime I would caution people to be on the lookout for this, I run a clean system and religiously keep my AntiVirus and Anti-Spyware updated, and 99.9% of my web activity is VideoHelp and the Tools links. The Trojan Horse is called "Trojan horse PSW.Generic2.RES", AVG database did not have a description on file.

[redwudz]

There are quite a few trojans with variations of that name. You can find a little more about it with a Google search for 'PSW.Generic2'.

[gadgetguy]

For the record... vdub.exe is a valid file in the VirtualDub folder.

[GMaq]

gadgetguy,
AVG deleted the vdub.exe files with the DOS icons yet VirtualDub still runs fine, Just for clarification were you referring to the exe with the "Filmstrip and Gear" icon or is there supposed to be one with a DOS icon?? I recently updated my ffdshow, since it works with VirtualDub does it install some sort of exe in your Virtualdub folder??

@redwudz,
You are absolutely correct that a Google Search turns up several variants, however I could not find anything regarding the.RES extension on this variant

[Ai Haibara]

vdub.exe is a shell, if I remember correctly, to allow you to run VirtualDub from the command line. That might give it a default EXE icon in some cases, but mine (1.6.17) has a variation of the filmstrip/gear icon.

"Generic" sounds like it may be detecting vdub.exe as a generic dropper (what many of the false positives usually seem to be, I think). If you're removing the file(s), do they reappear in the directory? Also, if you have the archive for the version you're using (or get a new copy, as I think Avery recently updated VirtualDub, anyway), unpack it in a temp directory, and see if AVG still detects that copy of vdub.exe as being a trojan.

[GMaq]

Ai Haibara,
Thanks for the suggestions, I will check them out and see what happens, I sure hope they are false positives!!

[bdf]

Hi,
You've probably worked this out by now but I had the same problem with
AVG 7.5 virus base 18/11/06 detecting vdub.exe (1.6.5.0) in VirtualDub-MPEG2-1.6.8
and AVG stuck it in the vault.
BUT when I updated definitions to 20/11/06, I restored it from the vault and had AVG
recheck and it comes up clean.
prior checks with previous virus bases until 18/11/06 had passed it ok, so I suspect it may
be ok, but I will recheck with next update.
vdub.exe is the command line driver, mine is dated 3 July 2005.

bdf

[redwudz]

AVG 7.5 also IDd VD MPG-2 as that virus on my computer a couple of days ago. I just ignored it. Apparently a false positive. It happens at times.

I just rescanned the same file with AVG, and no problems now. They must have corrected the problem.